I enjoyed it too, until the end. I’m not sure how I feel about the conclusion of “Well, it’s nearly impossible to install software securely on Windows, so I guess it can’t be done. Let’s use JS instead.” Secure package managers actually do exist and are not difficult to use as long as you’re not on Windows.

Secure package managers actually do exist and are not difficult to use as long as you’re not on Windows.

Well yes, but for the majority of users that’s not going to be a good enough reason to change their entire operating system. His point is that JavaScript at least allows users to run software on their computers without having to give it full access. The main critique of web crypto is that it’s a chicken-and-egg problem: how do you make sure the JavaScript crypto code served to you was itself distributed securely? But as he has shown, distributing native code securely is not trivial either.

JS crypto might be a reasonable answer to the question of “How do I publish some of my own software so that it can be installed by as many potential users as possible?” (I haven’t researched it thoroughly enough to evaluate this for myself), but it’s a terrible answer to “How can I personally install software securely?”

A self-signed cert is good in that it allows any HTTPS connection at all. Savvy users can get the cert through a secure side channel and pin it to get server authentication without going through a CA. The downside is that for any users not savvy enough to acquire and pin the certificate (which, for most of us, is all users), it’s fake security since there’s no server authentication, and web browsers spit out scary, horrible warnings on self-signed certs since the most likely use case is a MitM attack.

I think the self-signed cert -> MitM attack logic is itself a consequence of the fact that self-signed certs have been made useless by the browsers. I.e., it is what it is.

I use self-signed certs in a few places, but not on my website, because if I use a self-signed cert people will whine that I’m an idiot who doesn’t know anything about security. Instead I use no cert, and that’s somehow better. (I have strong feelings about the CA cabal and will not endorse them by using a “properly” signed cert.)

There is currently a debate raging about the value of opportunistic encryption and passive vs active adversaries. Personally I think passive sniffers are more likely to be found in a Starbucks than active mitm attacks. Monitoring traffic is easier than injecting it, at every level from free wifi to undersea cables. Cert pinning will hopefully make mitm a very risky proposition.

The question is whether a false sense of security becomes false security. I don’t know. I lean towards opportunistic encryption being strictly better than no encryption, but I can understand the argument that it’s not.

That’s why I’ve found that, in practice, they’re essentially worthless for any “production” site. The other trick is that secure side channel; many times, that secure side channel doesn’t exist. It’s a chicken-and-egg problem.

The secure side channel doesn’t strictly need to be such. Really, all you need is a channel that’s secure now. OK, fair enough, you have no way of knowing that, but if you download the cert in the clear…

The attacker has to mitm that connection and they must mitm every future connection for all time, or you will detect the cert mismatch. And they need to only mitm your connections, and not anybody who does happen to acquire the cert via other means.

Now look at mitm attacks in practice (pre-pinning). They use a compromised CA to inject a trusted cert that works today, but then they can stop at any time. The whole chain of trust thing makes the attack invisible.
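The detection argument in the last few comments (an interceptor must stay in the path for every future connection, or the pinned fingerprint stops matching) as an added trust-on-first-use sketch; this is example code written for this page, not something any commenter posted, and the "certificates" are constructed byte strings standing in for DER, with example.test as an assumed hostname:

```python
import hashlib
import hmac

# Constructed stand-ins for DER-encoded certificates (not real certs).
GENUINE_CERT = b"constructed-der: example.test genuine server key"
ATTACKER_CERT = b"constructed-der: example.test interceptor key"


def fingerprint(cert_der: bytes) -> str:
    """SHA-256 over the DER bytes, the usual form of a certificate pin."""
    return hashlib.sha256(cert_der).hexdigest()


class TofuPinStore:
    """Trust-on-first-use: remember the first fingerprint seen for a host and
    treat any later change as a possible interception of this connection."""

    def __init__(self) -> None:
        self._pins: dict[str, str] = {}

    def check(self, host: str, cert_der: bytes) -> str:
        fp = fingerprint(cert_der)
        pinned = self._pins.get(host)
        if pinned is None:
            # First contact: nothing to compare against, so the cert seen now
            # (genuine or not) becomes the pin. This is the window the thread
            # describes: an attacker who owns this fetch must own all later ones.
            self._pins[host] = fp
            return "pinned"
        # Constant-time compare; a mismatch means a different cert than last time.
        return "ok" if hmac.compare_digest(pinned, fp) else "MISMATCH"


def simulate(observed_certs: list[bytes], host: str = "example.test") -> list[str]:
    """Feed the cert each successive connection actually received through one
    store and return the verdict per connection."""
    store = TofuPinStore()
    return [store.check(host, cert) for cert in observed_certs]
```

An interceptor present only on the first fetch is caught at the second connection, while one present on every connection is never caught, which is exactly the "mitm every future connection for all time" requirement described above.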